CVE-2024-10131 represents a critical Remote Code Execution (RCE) vulnerability discovered in infiniflow/ragflow, specifically within the add_llm function. This flaw allows attackers to potentially execute arbitrary code on systems running vulnerable versions (≤latest). The vulnerability stems from insufficient input validation when handling user-supplied data used to dynamically instantiate classes. Prompt patching is crucial to mitigate this risk.
The impact of CVE-2024-10131 is severe. An attacker can leverage the vulnerability to execute arbitrary code within the context of the ragflow application. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. The ability to dynamically instantiate classes based on user input bypasses intended security controls, creating a direct pathway for malicious code execution. Successful exploitation could grant an attacker persistent access and control over the affected system, potentially leading to broader network compromise if the system has access to sensitive resources or internal networks.
CVE-2024-10131 was publicly disclosed on 2024-10-19. Currently, no public proof-of-concept (PoC) code has been released, but the vulnerability's nature suggests a relatively high probability of exploitation. It is not listed on the CISA KEV catalog as of this writing. The ease of exploitation, given the lack of input validation, warrants immediate attention and mitigation efforts.
Exploit Status
EPSS
2.97% (86% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-10131 is to upgrade to a patched version of ragflow as soon as it becomes available. Until a patch is applied, implement strict input validation on all user-supplied data, particularly the req['llmfactory'] and req['llmname'] parameters within the add_llm function. Consider implementing a Web Application Firewall (WAF) with rules to detect and block suspicious requests containing potentially malicious payloads. Regularly review and audit the ragflow configuration to ensure adherence to security best practices. Monitor application logs for any unusual activity or error messages related to class instantiation.
Actualice la biblioteca infiniflow/ragflow a una versión posterior a 0.11.0 que corrija la vulnerabilidad de ejecución remota de código. Verifique las notas de la versión para confirmar que la vulnerabilidad CVE-2024-10131 ha sido abordada. Si no hay una versión corregida disponible, considere implementar validación y sanitización de entradas en la función `add_llm` para mitigar el riesgo.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-10131 is a critical RCE vulnerability in infiniflow/ragflow versions up to 0.11.0. It allows attackers to execute arbitrary code by manipulating input parameters, potentially leading to system compromise.
If you are using ragflow version 0.11.0 or earlier, you are potentially affected by this vulnerability. Immediately assess your environment and apply the recommended mitigations.
The recommended fix is to upgrade to a patched version of ragflow as soon as it becomes available. Until then, implement strict input validation on user-supplied data.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a high probability of active exploitation. Monitor your systems closely.
Refer to the infiniflow/ragflow project's official repository and communication channels for updates and advisories regarding CVE-2024-10131.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.